paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-23 04:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

saml: Don't raise AssertionError if no name is provided in SAMLResponse.

Browse Source 
This is an acceptable edge case for SAML and shouldn't raise any errors.
This commit is contained in:
Mateusz Mandera
2021-07-07 15:48:28 +02:00
committed by Tim Abbott
parent 80b7df1b0d
commit ebb6a92f71
2 changed files with 39 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
zerver/tests/test_auth_backends.py
View File

@@ -1808,9 +1808,13 @@ class SAMLAuthBackendTest(SocialAuthBase):
with {email}, {first_name}, {last_name} placeholders, that can with {email}, {first_name}, {last_name} placeholders, that can
be filled out with the data we want. be filled out with the data we want.
""" """
if name:
name_parts = name.split(" ") name_parts = name.split(" ")
first_name = name_parts[0] first_name = name_parts[0]
last_name = name_parts[1] last_name = name_parts[1]
else:
first_name = ""
last_name = ""
extra_attrs = "" extra_attrs = ""
for extra_attr_name, extra_attr_values in extra_attributes.items(): for extra_attr_name, extra_attr_values in extra_attributes.items():
@@ -1840,6 +1844,29 @@ class SAMLAuthBackendTest(SocialAuthBase):
def get_account_data_dict(self, email: str, name: str) -> Dict[str, Any]: def get_account_data_dict(self, email: str, name: str) -> Dict[str, Any]:
return dict(email=email, name=name) return dict(email=email, name=name)
def test_auth_registration_with_no_name_provided(self) -> None:
"""
The SAMLResponse may not actually provide name values, which is considered
unexpected behavior for most social backends, but SAML is an exception. The
signup flow should proceed normally, without pre-filling the name in the
registration form.
"""
email = "newuser@zulip.com"
subdomain = "zulip"
realm = get_realm("zulip")
account_data_dict = self.get_account_data_dict(email=email, name="")
result = self.social_auth_test(account_data_dict, subdomain=subdomain, is_signup=True)
self.stage_two_of_registration(
result,
realm,
subdomain,
email,
"",
"Full Name",
skip_registration_form=False,
expect_full_name_prepopulated=False,
)
def test_social_auth_no_key(self) -> None: def test_social_auth_no_key(self) -> None:
""" """
Since in the case of SAML there isn't a direct equivalent of CLIENT_KEY_SETTING, Since in the case of SAML there isn't a direct equivalent of CLIENT_KEY_SETTING,

13
zproject/backends.py
View File

@@ -1397,11 +1397,16 @@ def social_associate_user_helper(
full_name = kwargs["details"].get("fullname") full_name = kwargs["details"].get("fullname")
first_name = kwargs["details"].get("first_name") first_name = kwargs["details"].get("first_name")
last_name = kwargs["details"].get("last_name") last_name = kwargs["details"].get("last_name")
if all(name is None for name in [full_name, first_name, last_name]) and backend.name != "apple": if all(name is None for name in [full_name, first_name, last_name]) and backend.name not in [
# Apple authentication provides the user's name only the very first time a user tries to log in. "apple",
"saml",
]:
# (1) Apple authentication provides the user's name only the very first time a user tries to log in.
# So if the user aborts login or otherwise is doing this the second time, # So if the user aborts login or otherwise is doing this the second time,
# we won't have any name data. So, this case is handled with the code below # we won't have any name data.
# setting full name to empty string. # (2) Some IdPs may not send any name value if the user doesn't have them set in the IdP's directory.
#
# The name will just default to the empty string in the code below.
# We need custom code here for any social auth backends # We need custom code here for any social auth backends
# that don't provide name details feature. # that don't provide name details feature.